A PR look into the Tesco Bank cyber raid
The latest news on Tesco Banks cyber victimisation has left IT security systems speechless and some customers broke. The hacking reflects an obvious failure in their IT systems and consequently, a failure in the way in which the company conducted its crisis management PR. Tesco Banks lack of communication followed up with waves of customer complaints. The exposé tested the banks managerial skills in a corporate crisis.
On Saturday 5th November, hackers broke into the computer systems of Tesco Bank to withdraw money out from thousands of accounts. 40,000 accounts noticed suspicious activity, while reportedly half of them lost money. Experts have called this raid one of the biggest cyber bank robberies in the nation’s history. However, the way Tesco Bank addressed the attack caused customer frustration and an adverse effect on media coverage.
So let us quickly enrol at the “Public Relations School of Hindsight” to see what was done wrong and suggest what should have been done differently!
Tesco Bank followed the steps below to take control of the situation and communicate with the cardholders. Later on, we will mention how this ironically resulted in the creation of panic and dissatisfaction.
- Locked the accounts with any suspicious activity and sent texts to the account holders.
- Tweeted on the company’s two official Twitter pages (Tesco Bank and Tesco Bank Help), referring to the bank accounts as being locked due to a “safety precaution.”
- Issued a press release on Monday to reassure account holders that would be receiving a full refund. Benny Higgins, the Chief Executive at Tesco Bank, also confirmed that the bank was collaborating with the authorities and regulators to resolve the hacking.
In order to avoid the crisis from spreading, a proactive and transparent approach is normally required. But there are some structural issues that Tesco Bank needed to address as well.
- Let’s start with the basics; provide more customer service lines. Giving as little information to the customers about what had actually happened was in an effort to diverge from ‘panic’. Account holders understandably called Tesco Bank and immediately became frustrated when the lines were jammed. Happening on a weekend, it seemed there were only a few staff available to assist, making the response time slower. The staffing needed to be more sufficient in order to combat the response.
- After Tesco Bank confirmed the criminal activity, they should have given a full explanation of what had happen. Moreover, reassure the prevention of a reoccurrence. Although Twitter is a huge platform, they should not have relied solely on social media, especially as they were not active in responding. Instead, they needed to issue a press release on the day of the raid and continue to publicise updates throughout the weekend, rather than waiting until Monday. Customers needed reassurance through news, website updates, emails and text messages.
- Benny Higgins published the press release on Monday and updated it from then on, but it lacked empathy. For instance, a post by the management or even a video interview addressing the customers worries. The post/video should confirm that the situation is in the hands of professionals who are working continuously for the resolution. This would provide relief and go some way to mitigate complaints.
Tesco Banks next steps will be crucial for the protection of the brand. They need to take actions that reflect a powerful and dynamic business, which is in control of its IT. Despite the hack, moving ahead with confidence will re-establish the account holder’s trust. Not only that but, it will assuring that nothing similar would occur again. Most importantly, they need to update their online security systems with a more robust technology as tangible proof that they are on top of the situation!